In his first address to the North American Securities Administrators Association (NASAA), newly-elected and third-time President Joseph Borg identified key priorities for his upcoming term. He emphasized cooperation between state and federal regulators and highlighted NASAA’s commitment to strengthened enforcement, technology advancement and cybersecurity. Coinciding with the change in leadership, NASAA issued three important publications: 1) an enforcement report of U.S member securities regulators, 2) a cybersecurity checklist for investment advisors, and 3) an updateon the expanded use of the organization’s Model Fee Disclosure Schedule.

NASAA 2017 ENFORCEMENT REPORT

On September 27, 2017, NASAA published its annual Enforcement Report. The report is based on data provided by state regulators and covers the 2016 fiscal or calendar year. In the report’s introduction, NASAA Enforcement Section Chair Keith Woodwell reaffirmed that securities fraud continues to pose “a significant and real risk to investors.”

The raw numbers described in the report are significant. Of the over 9000 documented complaints filed and over 4000 investigations undertaken, state securities regulators pursued more than 2000 enforcement actions, including 1606 classified as Administrative, 138 as Civil, 241 as Criminal and 32 as other.

The outcomes of these actions are similarly significant. In monetary relief obtained, the survey reports that over $230 million was returned to investors as restitution, $682 million was levied in fines and penalties and another $5 million was levied in the form of reimbursement to state regulators for costs and expenses.

In terms of criminal sanctions, which include “bans on future activity, bans from trading securities, financial penalties and prison sentences” the consequences were steep. NAASA cites several figures to demonstrate the success of its focus on “bad actors.” (See Bates coverage of the issue.) In particular, NAASA aggregated the length of time in incarcerations and probations doled out over the year, which amounted to 824 and 522 years, respectively. Perhaps a more revealing measure is that state regulators “revoked, barred, suspended, or prohibited the licenses/registrations of more than 250 individuals and firms, and denied or conditioned the licenses/registrations of more than 400 others.” Some 2,800 license/registration requests were withdrawn as a result of mere state “attention.” Notably, the number of enforcement actions against registered individuals and firms including broker-dealers, investment advisors, and their agents and representatives was similar to the number of actions against unregistered individuals and firms (620 vs. 604).

There were a number of other highlights in the report including a focus on senior exploitation (see recent Bates coverage). The report notes the uptick in state legislative and enforcement activity including the successful adoption by thirteen legislatures of NASAA’s Model legislation. Further, formal enforcement actions in 2016 included more than 1000 senior victims involving fraud related to unregistered and traditional securities, affinity scams and others.

Consistent with President Borg’s remarks, the NASAA report also highlighted increased collaboration and coordination between state and federal regulators. The survey revealed that state regulators shared intelligence in about 164 cases, shared referrals with FINRA in about 148 cases, and shared evidence with state and federal law enforcement agencies in 354 cases

Chair Woodwell concluded:

“With the continued pressure on investors to turn to riskier asset classes in order to generate reasonable rates of return, the growing complexity of financial products, the evolving technology behind the securities markets, and the increasing frequency of investment scams (many of which target our most vulnerable seniors), vigilance by regulators is essential.”

NASAA PUBLISHES CYBERSECURITY CHECKLIST

A biennial NASAA Investment Advisor Coordinated Examination Report revealed 698 deficiencies involving cybersecurity. The report, which covered 37 jurisdictions between January and June 2017, identified serious deficiencies in this area including: “no or inadequate cybersecurity insurance, no testing of cybersecurity vulnerability, lack of procedures regarding securing or limiting access to devices, no technology specialist or consultant, and a lack of procedures regarding hardware and software updates or upgrades.” In a public statement, NASAA officials noted that the majority of increases in deficiencies reported are attributable to the new compliance areas for examination including cybersecurity. As a result, NASAA announced the publication of a new Cybersecurity Checklist for Investment Advisers. The new checklist includes assessment areas to help advisers “identify, protect and detect cybersecurity vulnerabilities and to respond to and recover from cyber events.”

NASAA BROKER FEE MODEL GAINS TRACTION

NASAA also announced that several additional broker-dealer firms have adopted the organization’s Model Fee Disclosure Schedule developed by a NASAA Working Group and effective in September 2015. Merrill Lynch, Voya Financial Advisors Inc., Ladenburg Thalmann and Cetera Financial Group are the newest firms to join the standardized effort to enhance disclosure in order to help “investors better understand and compare various broker-dealer miscellaneous account and service fees and to provide guidelines to make fee disclosure accessible and transparent.” There are now 27 firms using the Model Fee Schedule. (Additional information including sample Fee Schedules can be found here.)

In his inaugural speech, Mr. Borg noted the consistency of NASAA leadership. The contemporaneous announcement of these ongoing efforts underscores that continuity. Bates will continue to keep you apprised.